February 2016 - Devel - libvirt List Archives

[libvirt] [PATCH] virfile: properly detect NFS storage
by Pavel Hrdina 26 Feb '16

26 Feb '16

Commit 35847860 introduced virFileUnlink() to fix an issue with deleting volumes on NFS root-squashed environment. This patch replace the uid and gid magic by virFileIsSharedFSType() to correctly detect that the volume is on NFS storage. This fixes the referenced bug. To reproduce this bug follow those steps on a domain with local storage: virsh start $domain virsh pool-refresh $pool virsh destroy $domain virsh vol-delete $volume $pool The thing is, that the pool-refresh will store qemu:qemu as uid:gid for that volume and after destroy the volume is relabeled back to root:root. Then you run vol-delete and the virFileRemove() function will try to unlink the file as a qemu:qemu process based on the uid and gid magic. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1260356 Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- src/util/virfile.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/util/virfile.c b/src/util/virfile.c index f45e18f..f9c5bb1 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -2334,13 +2334,16 @@ virFileRemove(const char *path, int status = 0, ret = 0; gid_t *groups; int ngroups; + int rc; /* If not running as root or if a non explicit uid/gid was being used for * the file/volume or the explicit uid/gid matches, then use unlink directly */ - if ((geteuid() != 0) || - ((uid == (uid_t) -1) && (gid == (gid_t) -1)) || - (uid == geteuid() && gid == getegid())) { + rc = virFileIsSharedFSType(path, VIR_FILE_SHFS_NFS); + if (rc < 0) + return -EINVAL; + + if (rc == 0) { if (virFileIsDir(path)) return rmdir(path); else -- 2.7.1

3 3

[libvirt] [PATCH] libxl: unref objects in error paths
by Jim Fehlig 26 Feb '16

26 Feb '16

libxlMakeNic opens a virConnect object and takes a reference on a virNetwork object, but doesn't drop the references on all error paths. Rework the function to follow the standard libvirt pattern of using a local 'ret' variable to hold the function return value, performing all cleanup and returning 'ret' at a 'cleanup' label. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com> --- I noticed these leaks while trying to rework the code to use a common virConnect object. That task has turned into quite an effort [1], but in the meantime the leaks in the current code should be plugged. [1] https://www.redhat.com/archives/libvir-list/2016-February/msg01188.html src/libxl/libxl_conf.c | 57 ++++++++++++++++++++++++-------------------------- 1 file changed, 27 insertions(+), 30 deletions(-) diff --git a/src/libxl/libxl_conf.c b/src/libxl/libxl_conf.c index b20df29..763f4c5 100644 --- a/src/libxl/libxl_conf.c +++ b/src/libxl/libxl_conf.c @@ -1286,7 +1286,11 @@ libxlMakeNic(virDomainDefPtr def, { bool ioemu_nic = def->os.type == VIR_DOMAIN_OSTYPE_HVM; virDomainNetType actual_type = virDomainNetGetActualType(l_nic); + char *brname = NULL; + virNetworkPtr network = NULL; + virConnectPtr conn = NULL; virNetDevBandwidthPtr actual_bw; + int ret = -1; /* TODO: Where is mtu stored? * @@ -1312,64 +1316,50 @@ libxlMakeNic(virDomainDefPtr def, if (l_nic->model) { if (VIR_STRDUP(x_nic->model, l_nic->model) < 0) - return -1; + goto cleanup; if (STREQ(l_nic->model, "netfront")) x_nic->nictype = LIBXL_NIC_TYPE_VIF; } if (VIR_STRDUP(x_nic->ifname, l_nic->ifname) < 0) - return -1; + goto cleanup; switch (actual_type) { case VIR_DOMAIN_NET_TYPE_BRIDGE: if (VIR_STRDUP(x_nic->bridge, virDomainNetGetActualBridgeName(l_nic)) < 0) - return -1; + goto cleanup; /* fallthrough */ case VIR_DOMAIN_NET_TYPE_ETHERNET: if (VIR_STRDUP(x_nic->script, l_nic->script) < 0) - return -1; + goto cleanup; if (l_nic->nips > 0) { x_nic->ip = virSocketAddrFormat(&l_nic->ips[0]->address); if (!x_nic->ip) - return -1; + goto cleanup; } break; case VIR_DOMAIN_NET_TYPE_NETWORK: { - bool fail = false; - char *brname = NULL; - virNetworkPtr network; - virConnectPtr conn; - if (!(conn = virConnectOpen("xen:///system"))) - return -1; + goto cleanup; if (!(network = virNetworkLookupByName(conn, l_nic->data.network.name))) { - virObjectUnref(conn); - return -1; + goto cleanup; } if (l_nic->nips > 0) { x_nic->ip = virSocketAddrFormat(&l_nic->ips[0]->address); if (!x_nic->ip) - return -1; + goto cleanup; } - if ((brname = virNetworkGetBridgeName(network))) { - if (VIR_STRDUP(x_nic->bridge, brname) < 0) - fail = true; - } else { - fail = true; - } - - VIR_FREE(brname); + if (!(brname = virNetworkGetBridgeName(network))) + goto cleanup; - virObjectUnref(network); - virObjectUnref(conn); - if (fail) - return -1; + if (VIR_STRDUP(x_nic->bridge, brname) < 0) + goto cleanup; break; } case VIR_DOMAIN_NET_TYPE_VHOSTUSER: @@ -1385,18 +1375,18 @@ libxlMakeNic(virDomainDefPtr def, virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("unsupported interface type %s"), virDomainNetTypeToString(l_nic->type)); - return -1; + goto cleanup; } if (l_nic->domain_name) { #ifdef LIBXL_HAVE_DEVICE_BACKEND_DOMNAME if (VIR_STRDUP(x_nic->backend_domname, l_nic->domain_name) < 0) - return -1; + goto cleanup; #else virReportError(VIR_ERR_XML_DETAIL, "%s", _("this version of libxenlight does not " "support backend domain name")); - return -1; + goto cleanup; #endif } @@ -1438,7 +1428,14 @@ libxlMakeNic(virDomainDefPtr def, x_nic->rate_interval_usecs = 50000UL; } - return 0; + ret = 0; + + cleanup: + VIR_FREE(brname); + virObjectUnref(network); + virObjectUnref(conn); + + return ret; } static int -- 2.6.1

3 3

[libvirt] [PATCH v3 0/3] Add capability for text based polkit authentication for virsh
by John Ferlan 26 Feb '16

26 Feb '16

v2: http://www.redhat.com/archives/libvir-list/2016-February/msg00618.html Adjustments since v2: Patch 1 - Change not only the message (as requested), but also use a different and new error code (VIR_ERR_AUTH_UNAVAILABLE). Patch 2 - Added a check for "if (!isatty(STDIN_FILENO))" Used a new parameter for pkttyagent call - "--notify-fd", which is documented as "To get notified when the authentication agent has been registered either listen to the Changed D-Bus signal or use --notify-fd to pass the number of a file descriptor that has been passed to the program. This file descriptor will then be closed when the authentication agent has been successfully registered. Followed the systemd mechanism. If it's felt that a timeout of -1 is too dangerous, I'd be fine with changing it. Patch 3 - Since we now can determine our failure based on err->code, use the new VIR_ERR_AUTH_UNAVAILABLE to attempt the AgentCreate. Also, since virPolkitAgentCreate now will wait for the agent to start before returning, the agentstart counter is removed. John Ferlan (3): polkit: Adjust message when authentication agent isn't found util: Introduce API's for Polkit text authentication virsh: Add support for text based polkit authentication include/libvirt/virterror.h | 3 +- src/libvirt_private.syms | 2 ++ src/util/virerror.c | 8 ++++- src/util/virpolkit.c | 85 ++++++++++++++++++++++++++++++++++++++++++--- src/util/virpolkit.h | 5 +++ tests/virpolkittest.c | 8 +++-- tools/virsh.c | 38 +++++++++++++++++--- tools/virsh.h | 2 ++ 8 files changed, 138 insertions(+), 13 deletions(-) -- 2.5.0

3 15

[libvirt] [PATCH 1/2] netdev: Use virNetDevIsVirtualFunction() properly
by Andrea Bolognani 26 Feb '16

26 Feb '16

virNetDevIsVirtualFunction() returns 1 if the interface is a virtual function, 0 if it isn't and -1 on error. This means that, despite the name suggesting otherwise, using it as a predicate is not correct. Fix two callers that were doing so adding an explicit check on the return value. --- src/util/virnetdev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c index ea95552..9e39c26 100644 --- a/src/util/virnetdev.c +++ b/src/util/virnetdev.c @@ -2531,7 +2531,7 @@ virNetDevReplaceNetConfig(const char *linkdev, int vf, int ret = -1; char *pfdevname = NULL; - if (vf == -1 && virNetDevIsVirtualFunction(linkdev)) { + if (vf == -1 && virNetDevIsVirtualFunction(linkdev) == 1) { /* If this really *is* a VF and the caller just didn't know * it, we should set the MAC address via PF+vf# instead of * setting directly via VF, because the latter will be @@ -2571,7 +2571,7 @@ virNetDevRestoreNetConfig(const char *linkdev, int vf, const char *stateDir) char *pfdevname = NULL; const char *vfdevname = NULL; - if (vf == -1 && virNetDevIsVirtualFunction(linkdev)) { + if (vf == -1 && virNetDevIsVirtualFunction(linkdev) == 1) { /* If this really *is* a VF and the caller just didn't know * it, we should set the MAC address via PF+vf# instead of * setting directly via VF, because the latter will be -- 2.5.0

2 2

[libvirt] [PATCH 2/2] hostdev: Remove temporary variable when checking for VF
by Andrea Bolognani 26 Feb '16

26 Feb '16

The virHostdevIsVirtualFunction() was called exactly twice, and in both cases the return value was saved to a temporary variable before being checked. This would be okay if it improved readability, but in this case is pretty pointless. Get rid of the temporary variable and check the return value directly; while at it, change the check from '<= 0' to '!= 1' to align it with the way other similar *IsVirtualFunction() functions are used thorough the code. --- src/util/virhostdev.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/src/util/virhostdev.c b/src/util/virhostdev.c index 9ae217d..2db0da0 100644 --- a/src/util/virhostdev.c +++ b/src/util/virhostdev.c @@ -416,10 +416,8 @@ virHostdevNetConfigReplace(virDomainHostdevDefPtr hostdev, int vf = -1; int vlanid = -1; bool port_profile_associate = true; - int isvf; - isvf = virHostdevIsVirtualFunction(hostdev); - if (isvf <= 0) { + if (virHostdevIsVirtualFunction(hostdev) != 1) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Interface type hostdev is currently supported on" " SR-IOV Virtual Functions only")); @@ -489,7 +487,6 @@ virHostdevNetConfigRestore(virDomainHostdevDefPtr hostdev, int ret = -1; int vf = -1; bool port_profile_associate = false; - int isvf; /* This is only needed for PCI devices that have been defined * using <interface type='hostdev'>. For all others, it is a NOP. @@ -497,8 +494,7 @@ virHostdevNetConfigRestore(virDomainHostdevDefPtr hostdev, if (!virHostdevIsPCINetDevice(hostdev)) return 0; - isvf = virHostdevIsVirtualFunction(hostdev); - if (isvf <= 0) { + if (virHostdevIsVirtualFunction(hostdev) != 1) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Interface type hostdev is currently supported on" " SR-IOV Virtual Functions only")); -- 2.5.0

2 2

[libvirt] [python PATCH 0/4] formatting and (un)signed improvements
by Pavel Hrdina 26 Feb '16

26 Feb '16

Pavel Hrdina (4): libvirt-override: all flags should be defined as unsigned int libvirt-override: fix PyArg_ParseTuple for unsigned int libvirt-override: fix PyArg_ParseTuple for unsigned long long libvirt-override: fix PyArg_ParseTuple for size_t libvirt-override.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) -- 2.7.1

2 5

[libvirt] [PATCH 0/3] More Coverity changes
by John Ferlan 26 Feb '16

26 Feb '16

All the issues here are found by a later version of Coverity than the one used by our internal testing. Two were false positives and one just an ordering issue with the virCheckFlags in the zfs backend. The future coverity really has a problem with strtok_r usage after a VIR_STRDUP which only checks < 0 because it's perfectly fine for the "source" to be NULL and a < 0 check won't fail. The reason why this is a problem is the target is then NULL and used for the strtok_r call. Code inspection finds the cases we have are all false positives; however, rather than making the <= or sa_assert() type check to validate that - I chose to use the virStringSplitCount in order to split and inspect the input string. It was much cleaner at least on the inspection front. The storage changes related to checking (ret == -1) resulted in a RESOURCE_LEAK false positive. As it turns out, the only reason why -1 was being check was to determine whether or not the VIR_APPEND_ELEMENT insertion failed. If that succeeds, then 'vol' is cleared anyway, so truly we only need to attempt the free if we have a new vol. The virStorageVolDefFree will quietly return if vol == NULL. John Ferlan (3): openvz: Use virStringSplitCount instead of strtok_r zfs: Resolve RESOURCE_LEAK storage: No need to check ret after VIR_APPEND_ELEMENT src/openvz/openvz_conf.c | 32 +++++++++++--------------------- src/storage/storage_backend_logical.c | 2 +- src/storage/storage_backend_zfs.c | 6 ++++-- 3 files changed, 16 insertions(+), 24 deletions(-) -- 2.5.0

2 5

[libvirt] [PATCH v4 0/2] notify about reverting to a snapshot
by Dmitry Andreev 25 Feb '16

25 Feb '16

Reverting to a snapshot may change domain configuration but there will be no events about that in some cases. Lack of the event become a problem for virt-manager https://bugzilla.redhat.com/show_bug.cgi?id=1081148 This patch-set introduces new event and emits it in qemuDomainRevertToSnapshot. v4: rebase v3: [2/2] event is emited only in the case when stopped domain is reverted to a stopped domain. Dmitry Andreev (2): Introduce new VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT sub-event qemu: emit 'defined' event after reverted to snapshot without state changes examples/object-events/event-test.c | 2 ++ include/libvirt/libvirt-domain.h | 1 + src/qemu/qemu_driver.c | 8 +++++++- tools/virsh-domain.c | 3 ++- 4 files changed, 12 insertions(+), 2 deletions(-) -- 1.8.3.1

2 3

[libvirt] [PATCH] Revert "Error out on missing machine type in machine configs"
by Ján Tomko 25 Feb '16

25 Feb '16

Revert commit 55e6d8cd9eac7eb2aaa4d221585e9402cf7269d5. It unconditionally required a machine type for all machine types even though qemu is the only emulator using them. Reverting this re-introduces the crash when someone fiddles with libvirt's machine configs with /etc/, but fixes persistent domains for other drivers. Breaks https://bugzilla.redhat.com/show_bug.cgi?id=1267256 again. --- A proper fix would be too invasive for the freeze, we would either * have to revert commit f1a89a8 which relaxed the requirement to execute the emulator * or (partially) revert commits a8b628e and 3d92a00 which reintroduced them to post parse callbacks and keep track of which parser requires the machine type in virDomainDefParserConfig. src/conf/domain_conf.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index 3b15cb4..79758d4 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -14851,12 +14851,6 @@ virDomainDefParseXML(xmlDocPtr xml, goto error; } VIR_FREE(capsdata); - } else { - if (!def->os.machine) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Missing machine type")); - goto error; - } } /* Extract domain name */ -- 2.4.10

2 5

[libvirt] [PATCH] libxl: implement virDomainInterfaceStats
by Joao Martins 25 Feb '16

25 Feb '16

Introduce support for domainInterfaceStats API call for querying network interface statistics. Consequently it also enables the use of `virsh domifstat <dom> <interface name>` command plus seeing the interfaces names instead of "-" when doing `virsh domiflist <dom>`. After successful guest creation we fill the network interfaces names based on domain, device id and append suffix if it's emulated in the following form: vif<domid>.<devid>[-emu]. We extract the network interfaces info from the libxl_domain_config object in libxlDomainCreateIfaceNames() to generate ifname. On domain cleanup we also clear ifname, in case it was set by libvirt (i.e. being prefixed with "vif"). We also skip these two steps in case the name of the interface was manually inserted by the adminstrator. Since the introdution of netprefix (commit a040ba9), ifnames with a registered prefix will be freed on virDomain{Obj,Def}Format*, thus eliminating the migration issues observed with the reverted commit d2e5538 whereas source and destination would have the same ifname. For getting the interface statistics we resort to virNetInterfaceStats and let libvirt handle the platform specific nits. Note that the latter is not yet supported in FreeBSD. Signed-off-by: Joao Martins <joao.m.martins(a)oracle.com> --- Changes since d2e5538: - Check net->ifname beforehand, preventing a crash on the migration failure path. - Use LIBXL_GENERATED_PREFIX_XEN as opposed to hardcoding "vif" - Bump from 1.3.0 to 1.3.2 - Change commit message to mention the migration issue and netprefix. --- src/libxl/libxl_domain.c | 39 ++++++++++++++++++++++++++++++++++++ src/libxl/libxl_driver.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 91 insertions(+) diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c index 50f7eed..9d0da68 100644 --- a/src/libxl/libxl_domain.c +++ b/src/libxl/libxl_domain.c @@ -762,6 +762,18 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver, } } + if ((vm->def->nnets)) { + size_t i; + + for (i = 0; i < vm->def->nnets; i++) { + virDomainNetDefPtr net = vm->def->nets[i]; + + if (net->ifname && + STRPREFIX(net->ifname, LIBXL_GENERATED_PREFIX_XEN)) + VIR_FREE(net->ifname); + } + } + if (virAsprintf(&file, "%s/%s.xml", cfg->stateDir, vm->def->name) > 0) { if (unlink(file) < 0 && errno != ENOENT && errno != ENOTDIR) VIR_DEBUG("Failed to remove domain XML for %s", vm->def->name); @@ -929,6 +941,32 @@ libxlConsoleCallback(libxl_ctx *ctx, libxl_event *ev, void *for_callback) libxl_event_free(ctx, ev); } +/* + * Create interface names for the network devices in parameter def. + * Names are created with the pattern 'vif<domid>.<devid><suffix>'. + * devid is extracted from the network devices in the d_config + * parameter. User-provided interface names are skipped. + */ +static void +libxlDomainCreateIfaceNames(virDomainDefPtr def, libxl_domain_config *d_config) +{ + size_t i; + + for (i = 0; i < def->nnets && i < d_config->num_nics; i++) { + virDomainNetDefPtr net = def->nets[i]; + libxl_device_nic *x_nic = &d_config->nics[i]; + const char *suffix = + x_nic->nictype != LIBXL_NIC_TYPE_VIF ? "-emu" : ""; + + if (net->ifname) + continue; + + ignore_value(virAsprintf(&net->ifname, + LIBXL_GENERATED_PREFIX_XEN "%d.%d%s", + def->id, x_nic->devid, suffix)); + } +} + /* * Start a domain through libxenlight. @@ -1073,6 +1111,7 @@ libxlDomainStart(libxlDriverPrivatePtr driver, virDomainObjPtr vm, if (libxl_evenable_domain_death(cfg->ctx, vm->def->id, 0, &priv->deathW)) goto cleanup_dom; + libxlDomainCreateIfaceNames(vm->def, &d_config); if ((dom_xml = virDomainDefFormat(vm->def, cfg->caps, 0)) == NULL) goto cleanup_dom; diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c index 404016e..5479441 100644 --- a/src/libxl/libxl_driver.c +++ b/src/libxl/libxl_driver.c @@ -58,6 +58,7 @@ #include "virhostdev.h" #include "network/bridge_driver.h" #include "locking/domain_lock.h" +#include "virstats.h" #define VIR_FROM_THIS VIR_FROM_LIBXL @@ -4662,6 +4663,56 @@ libxlDomainIsUpdated(virDomainPtr dom) } static int +libxlDomainInterfaceStats(virDomainPtr dom, + const char *path, + virDomainInterfaceStatsPtr stats) +{ + libxlDriverPrivatePtr driver = dom->conn->privateData; + virDomainObjPtr vm; + ssize_t i; + int ret = -1; + + if (!(vm = libxlDomObjFromDomain(dom))) + goto cleanup; + + if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0) + goto cleanup; + + if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_QUERY) < 0) + goto cleanup; + + if (!virDomainObjIsActive(vm)) { + virReportError(VIR_ERR_OPERATION_INVALID, + "%s", _("domain is not running")); + goto endjob; + } + + /* Check the path is one of the domain's network interfaces. */ + for (i = 0; i < vm->def->nnets; i++) { + if (vm->def->nets[i]->ifname && + STREQ(vm->def->nets[i]->ifname, path)) { + ret = 0; + break; + } + } + + if (ret == 0) + ret = virNetInterfaceStats(path, stats); + else + virReportError(VIR_ERR_INVALID_ARG, + _("'%s' is not a known interface"), path); + + endjob: + if (!libxlDomainObjEndJob(driver, vm)) + vm = NULL; + + cleanup: + if (vm) + virObjectUnlock(vm); + return ret; +} + +static int libxlDomainGetTotalCPUStats(libxlDriverPrivatePtr driver, virDomainObjPtr vm, virTypedParameterPtr params, @@ -5539,6 +5590,7 @@ static virHypervisorDriver libxlHypervisorDriver = { .domainGetJobStats = libxlDomainGetJobStats, /* 1.3.1 */ .domainMemoryStats = libxlDomainMemoryStats, /* 1.3.0 */ .domainGetCPUStats = libxlDomainGetCPUStats, /* 1.3.0 */ + .domainInterfaceStats = libxlDomainInterfaceStats, /* 1.3.2 */ .connectDomainEventRegister = libxlConnectDomainEventRegister, /* 0.9.0 */ .connectDomainEventDeregister = libxlConnectDomainEventDeregister, /* 0.9.0 */ .domainManagedSave = libxlDomainManagedSave, /* 0.9.2 */ -- 2.1.4

2 2